Netgate Discussion Forum

    Performance problem when Apply Changes with Large FW Ruleset

    General pfSense Questions
      breeze

      Hi,

      We are currently running pfSense 2.4.2-RELEASE-p1 and have a very large firewall ruleset (currently 7,391 rules in pfctl), which we recently reduced down from ~10,000.

      After hitting "Apply Changes" on the firewall rules, we start seeing (1-10%) packet loss to the gateway. The duration and severity of the packet loss seem to correlate with the number of rules.

      We have added more resources to the VM and the CPU does not exceed ~50%, RAM usage is only ~10%.

      Has anyone else run into this problem? At the moment we are mitigating by performing changes at night and are spinning up additional pfSense instances to move services onto.

      Thanks.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.